From mboxrd@z Thu Jan  1 00:00:00 1970
From: Laurent Bigonville <bigon@debian.org>
Subject: Bug#759604: Any problem with making auditd log readable by the adm group?
Date: Wed, 11 May 2016 09:55:33 +0200
Message-ID: <ad8f4cd5-a921-c66d-881b-2b00ec4f07cc@debian.org>
References: <85futrf3ts.fsf@boum.org>
Reply-To: Laurent Bigonville <bigon@debian.org>, 759604@bugs.debian.org
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
Return-path: <bounce-debian-bugs-dist=glddb-debian-bugs-dist=m.gmane.org@lists.debian.org>
Resent-To: debian-bugs-dist@lists.debian.org
Resent-Message-ID: <handler.759604.B759604.14629533404683@bugs.debian.org>
In-Reply-To: <85futrf3ts.fsf@boum.org>
List-URL: <https://lists.debian.org/debian-bugs-dist/>
List-Post: <mailto:debian-bugs-dist@lists.debian.org>
List-Help: <mailto:debian-bugs-dist-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-bugs-dist-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-bugs-dist-request@lists.debian.org?subject=unsubscribe>
To: intrigeri <intrigeri@debian.org>, 759604@bugs.debian.org, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Le 09/05/16 =E0 21:07, intrigeri a =E9crit :
> Hi,
Hey,
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
Shouldn't apparmor-notify use the audispd to get the events instead of=20
parsing directly the logs?

I'm not objecting changing the permissions in debian, but I'm wondering=20
if it shouldn't be better to do it like that, I think that the=20
setroubleshoot (a SELinux troubleshooting service used in RHEL/Fedora)=20
is doing it like that.

Cheers,

Laurent Bigonville